Hackers Heavily Targeted Social Networking Websites in 2009

According to a WHID (Web Hacking Incidents Database) report, cyber criminals heavily targeted social-networking websites during 2009.

Figures compiled for this report indicate that hackers made Facebook and Twitter their prime targets. About 19% of incidents during January-June 2009 targeted social networks.

The report highlights that many attacks against social-networking websites were based on XSS (cross-site scripting) bugs. Moreover, inadequate controls against automated attacks allow hackers to steal login credentials. In one incident, an attacker hacked a Twitter admin account, which contained a password-reset tool, and hijacked 33 accounts of high-profile personalities such as President Barack Obama.

During 2009, website defacement continued to be the top motivator for Web-based attacks (28%). The report explains that defacement includes both covert and visible alterations. An example of a covert alteration is malware installation: hackers exploit flaws in Web applications to install malicious software, which then infects visitors to the websites. These compromised websites become the criminals' main channel for disseminating Trojans, rootkits and viruses.

While these attack methods prevail, SQL injection continues to be the most abused security flaw. With this attack, hackers insert malicious JavaScript and change database contents. On the whole, the attack looks much like an XSS attack, because its ultimate objective is to execute malicious JavaScript inside the victim's browser in order to steal login credentials for other Web applications.

Apart from these attack methods, another mainstream hacking technique during 2009 was CSRF (cross-site request forgery). The increase in hackers' exploitation of CSRF flaws parallels 'abuse of authentication', because CSRF provides an alternative technique for performing actions in the victim's name. Attackers leveraged CSRF to launch virus-based attacks, which quickly spread throughout Twitter and other social-networking websites.

Finally, the report authors state that it isn't enough just to know about these threats: SQL injection, attacks on social-networking sites, XSS, and CSRF. Web surfers should understand how to safeguard applications' integrity if they encounter these problems.

» SPAMfighter News - 04-03-2010
